Group “C” Introduction

 Emmad Hassan
 Malik Mudasar
 Hammad Ali
 H. Frank Cervone
Information Technology Division, Northwestern
University Library, Evanston,
Illinois, USA
PURPOSE OF RESEARCH
 Understanding problems and issues related to risk
management
 Develop techniques for minimizing risks in digital
libraries project
INTRODUCTION
Risk Management
 Risk is a problem that has not happened-yet
 Risks are the problems which are encountered by
project manager during performing project
Risk Management Techniques
 Problem Remediation Activities
 Hiring Outside Vendor
 Risk Absorbed by Simple Planning
 Quality Control
Practices
PROJECT RISK FACTORS
Keil et al. (1998) noted most common risk factors in
digital projects:
 Lack of top management commitment
 Failure to gain user commitment
 Misunderstanding the requirement
 Lack of adequate user involvement
 Failure to manage end user expectation
PROJECT RISK FACTORS
Jones (1994) also added some risk factors:
 Creeping user requirement
 Excessive schedule pressure
 Cost overruns
 Low quality work as a result of undue pressure
RISK CATEGORIES
McConnell (1996) identified four major categories:
1. Dependency Risk
 Inter component dependencies within software
 Intergroup dependencies that occur when work
is split across functions;
 The availability of people to perform task
functions at the needed time; and
 Subcontractor relationships and the reliability
of delivery according to schedule
2. Requirement Risks
 lack of a clear vision for project
 lack of agreement on organizational
requirement
 Un prioritized Requirements
 Rapidly changing environment
 Inadequate change management processes
that do not provide documentation for later
reference.
3. Management Issues
 Inadequate overall planning and task identification
within project
 Poor project management and confusion among team
members
 Unclear project ownership and decision making
process
 Staff conflict and poor communication
4. Lack of Knowledge
 Lack of technology training
 Poor understanding of methods, tools and techniques
Risk Assessment
Accessing Project Risk
 Risk management cannot be done without accessing
risk.
 The first thing Project Manager needs to do is to
prepare a Risk Assessment to get a better
understanding of the kinds of risks he/she would face
and their possible consequences.
 In order to do so, there are 2 methods that are integral
to accessing risk which a Project Manager must
perform.
Step 1: Identify potential risks.
 Project Manager should sit down and create a list of
every possible risk and opportunity he/she can think
of.
 If Project Manager only focuses on the threats, he/she
could miss out on the chance to deliver unexpected
value to the customer or client.
 Project team should sit together and look at all of the
items and events within the project from the
perspective of the various risk categories and identify
those that could potentially have a significant negative
impact on the project.
Step 2: Risk Analysis
 With risk identification complete, risk analysis is
subsequently used to identify the likelihood the risks that
have been identified will occur and, if so, when that risk is
most likely to happen in the overall project timeline.
 There are several formal methods that can be used for risk
analysis, such as:
 Decision analysis.
 Cost risk analysis.
 Schedule analysis.
 Reliability analysis.
 However, for many projects, less formal methods work well.
Risk Prioritization
What is Risk Prioritization?

 Risk prioritization is the process of assessing the

probabilities and consequences of risk events if they are
realized. The results of this assessment are then used to
prioritize risks to establish a most-to-least-critical
importance ranking.
How Project Managers go about
Risk Prioritization?

 A favorite method many project managers use for analyzing

and evaluating project risk is based on some type of matrix-
based decision model.
 In these models, tasks are distinguished based on some
criteria, such as mission essential tasks versus mission
support tasks and then ranked according to criticality or some
measure of probability.
What author of the article thinks?
 The author has found that a more stabile measure of risk
prioritization can be arrived at by fusing elements of
strategies from several matrix-based schemes.
 The combination of these schemes leads to a cubic-
structure, rather than a matrix, as risks are evaluated
along three dimensions: impact, probability, and
discrimination.
 The effect of this ranking model is similar to that
proposed by Traeger (2005) for more generalized
business impact analyses.
Dimension 1: Risk Impact (research
of Lansdowne in 1999)
(1) Critical risk – five points – would cause program failure.
(2) Serious risk – four points – would cause major cost or
schedule increases and secondary requirements may not be
achieved.
(3) Moderate risk – three points – would cause moderate
cost/schedule increases; important requirements would still be
met.
(4) Minor risk – two points – would cause only small
cost/schedule increases.
(5) Negligible risk – one point – would have no substantive
effect on cost or schedule.
Dimension 2: Risk Probability
(based on Kendrick’s research in
2003)
 High probability – five points – likely occurrence
with a 50 percent or greater chance.
 Medium probability – three points – unlikely with a
10 percent to 49 percent chance of occurrence.
 Low probability – one point – very unlikely with a 10
percent or less chance of occurrence.
Dimension 3: Risk discrimination
(based on Kendrick’s research in
2003)
 High effect – one point – project objectives are at risk,
this risk will result in a mandatory change to scope,
schedule, or resources.
 Medium effect – three points – project objectives will
be achieved, but significant re-planning will be
required.
 Low effect – five points – no major plan changes will
result; the risk is an inconvenience or can be handled
with minor overtime work.
Risk control
and
resolution
Risk Control and Resolution
 With each risk evaluated in the context of the three
dimensions, a point value can be assigned to each risk using
the formula:
 Overall risk factor =Probability*impact/discrimination:
 All of the project risk factors can then be ranked by severity
of risk and, therefore, overall potential impact on the project.
Risk Control and Resolution
 Ranking is necessary because it would be difficult to provide a
plan for dealing with every possible risk in every step of the
project.
 The team now has a roadmap for mitigating project risk by
developing contingency plans only for the tasks that have the
highest risk factor.
 In most projects, the rule of thumb is that the team should focus
its risk resolution efforts on the top 20 percent of the identified
risks.
 Barki et al. (2001) have noted that the risk management
profile of a project needs to vary according to the level of
risk posed by the project itself with more risky projects
needing more extensive risk resolution
Some strategies for risk monitoring
and avoiding risk
 Most effective risk avoidance strategy is to ensure
communication throughout the project team and organization.
 Elements that can help in facilitating communication include
having a good project tracking system that is accessible to all
concerned parties.
 The system could provide for milestone tracking; that is, indicate
when significant events have occurred or have passed.
 Continual risk assessment can be implemented and given high
priority.
 Record the results of risk assessments as well as the mitigation
strategies for each of the risks pursued.
 Thank you

Questions ???